diff --git a/nginx/nginx.sh b/nginx/nginx.sh
new file mode 100644
index 0000000..42f8d5d
--- /dev/null
+++ b/nginx/nginx.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Run this script with "(sudo) bash ".
+
+# Exit on error.
+#set -e
+# Debug
+set -eux
+
+# Install Debian nginx-full & ssl-cert package.
+apt install nginx-full ssl-cert
+
+# Disable default site configuration.
+rm -vf /etc/nginx/sites-enabled/default
+
+# Simple default ssl-only configuration using snippets/snakeoil.conf.
+cat < /etc/nginx/sites-available/custom-default
+# Add custom http block options, upstreams etc into a file like snippets/custom-default-10-myupstream.pre.
+include snippets/custom-default-*.pre;
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers off;
+
+ include snippets/snakeoil.conf;
+
+ # Add custom server block options, api locations etc into a file like snippets/custom-default-api.inc.
+ include snippets/custom-default-*.inc;
+}
+NGX
+
+# Enable our custom default config.
+ln -sfv /etc/nginx/sites-available/custom-default /etc/nginx/sites-enabled/custom-default
+
+nginx -t
+
+systemctl force-reload nginx
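Review bot: The `ssl_ciphers` list in the generated server block ends with `DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`, but no `ssl_dhparam` appears in the visible config, and nginx 1.11.0 and later does not offer DHE suites without it, so those two entries are dead unless one of the included snippets sets it. Either drop them or add `ssl_dhparam <path-to-dhparam.pem>;` (placeholder path) next to `ssl_prefer_server_ciphers off;`. The block also serves the ssl-cert snakeoil key pair, which is self-signed and gives clients no way to authenticate the host; a comment above the include such as `# snakeoil = self-signed placeholder; replace with a CA-issued certificate before exposing this host.` would make that explicit. Separately, the heredoc opener on the `cat` line is not visible on this page although the `NGX` terminator is; if it is unquoted in the real file, quoting it (`<<'NGX'`) keeps a later `$host`-style nginx variable from being expanded by the shell.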